V18 NAT does not work with multiple WAN gateways.

Question

On 18.0.1 MR-1-Build396 . 
 The new NAT setup does not work. On v17, picking the gateway you wanted worked great. 
 The gateway setup does not work. If the WAN gateway and VPN gateway have the same weight (as shown below), then the WAN stops working. If I change the weight of the internet WAN gateway to 2 or more, the internet works again.

The default NAT rule only has the internet WAN link in it and not the VPN WAN link in it. This works when the gateway weights are not equal. 
 
 This NAT rule for the guest network DOES NOT WORK. 
 The only way to get NAT to work with a second WAN link (as shown below) is to create a linked NAT rule and then override SNAT for ONE specific host. So how am I supposed to have a guest network with a separate WAN link? 
 Thanks for listening. 
 EDIT 1:yes, there is a corresponding firewall rule in case you are wondering.

Fenster99 · Accepted Answer

Try to delete all your NAT rules. The default NAT rule on bot will pick up the traffic. Make sure, both WAN Gateways are selected there. 
 As counter intuitive as that seemed to be, it worked! Thank you so much. I appreciate the help, and I am glad that it is working, but I still feel the v17 solution was the more elegant one.

LuCar Toni · Answer

You are mixing up two different point in the product. 
 WAN Gateway in V17 is SD-WAN PBR in V18. 
 MASQ in V17 is NAT in V18. 
 So of course, NAT will not work, if you did this with PBR in V17. 
 
 Try to delete all your NAT rules. The default NAT rule on bot will pick up the traffic. Make sure, both WAN Gateways are selected there. 
 Check your SD-WAN PBR Rules, if they are correct and matching. 
 Make sure, Routing precedence is not causing issues in your setup (For example you have Static before SD-WAN and have a static route to your destination network). 
 
 Migrating from V17 to V18 will actually copy the Firewall selection of the gateway into a SD-WAN PBR.

V18 NAT does not work with multiple WAN gateways.

Top Replies